A company that tracked retail store customers through their smartphones without notifying them and without giving them a chance to turn off the tracking has settled a U.S. Federal Trade Commission complaint that it didn’t live up to its privacy promises.

Retail tracking firm Nomi Technologies stated in its privacy policy from late 2012 that it would provide a customer opt-out mechanism at stores using its tracking services, thus implying that it would notify customers of the tracking efforts, the FTC said. But the company did not give customers an opt-out option and did not notify customers they were being tracked, the agency said Thursday.

“It’s vital that companies keep their privacy promises to consumers when working with emerging technologies, just as it is in any other context,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a statement. “If you tell a consumer that they will have choices about their privacy, you should make sure all of those choices are actually available to them.”

Nomi, founded in September 2012, said it was pleased to reach the settlement with the FTC. “We continually review our privacy policies to ensure that they follow best practices and had already made the recommended changes in pursuit of that goal by updating our privacy policy over a year and a half ago, while we were still an early-stage startup that was less than a year old,” the company said in a statement.

The company also noted that the FTC’s two Republican commissioners opposed the agency taking action against the company. There was no consumer harm in the case, Republican Commissioner Maureen Ohlhausen said.

Nomi is a “young company that attempted to go above and beyond its legal obligation to protect consumers but, in doing so, erred without benefitting itself,” Ohlhausen wrote in her dissent.

Nomi installs sensors in its clients’ stores that collect the MAC addresses of store customers’ mobile devices as the devices search for Wi-Fi networks. Nomi partially obscures, or hashes, the MAC addresses before storing them, but the process produces an identifier that is unique to a consumer’s mobile device and can be tracked over time, the FTC said.

Nomi tracked consumers both inside and outside their clients’ stores, including the device type, date and time and other information, according to the FTC’s complaint.

In reports to retail clients, Nomi provided aggregated information on how many consumers passed by the store instead of entering, how long consumers stayed in the store, the types of devices used by consumers, how many repeat customers enter a store in a given period and how many customers had visited another location in a particular chain of stores.

In the settlement with the FTC, Nomi is prohibited from misrepresenting consumers’ options for controlling whether information is collected, use or shared about them and their devices. Nomi is also prohibited from misrepresenting how it notifies consumers about its information-gathering practices.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.